Snowden left clues for NSA but it missed them all

If the NSA still doesn't know the full extent of the greatest
leak of secrets in its history, it's not because of Edward
Snowden's attempts to cover his tracks. On the contrary, the NSA's
most prolific whistleblower now claims he purposefully left a trail
of digital bread crumbs designed to lead the agency directly to the
files he'd copied.

In a Wired interview
published today, the 31-year-old megaleaker has revealed that
he planted hints on NSA networks that were intended to show which
of its documents he'd smuggled out among the much larger set he
accessed or could have accessed. Those hints, he says, were
intended to make clear his role as a whistleblower rather than a
foreign spy, and to allow the agency time to minimise the national
security risks created by the documents' public release.

The fact that NSA officials have told the press that his haul
may have been as large as 1.7 million documents, says Snowden, is a
sign that the agency has either purposely inflated the size of his
leak or lacks the forensic skills to see the clues he left for its
auditors. "I figured they would have a hard time," Snowden tells
Wired, describing the agency's attempts to reverse-engineer his
leak. "I didn't figure they would be completely incapable."

That image of Snowden as a stealthy spy contrasts sharply with
Snowden's own depiction of his leaking actions. As journalist Glenn
Greenwald wrote in his book No Place To Hide, Snowden
claims he could have left no trace on the NSA's network due to its
lack of audit controls. But he said he instead left behind some
"footprints" to show NSA investigators that he had acted alone and
to prevent suspicion of his coworkers.

Snowden's new claims go further: That he intended those
footprints to outline exactly what he'd taken. In addition to
shedding light on his motives, Snowden says he meant the clues to
allow the NSA to avoid collateral damage from his leaks, changing
codenames and plans to anticipate the release of some of its most
sensitive secrets.

The repetition of the 1.7 million number by political figures
and the press is at least partly intended to mischaracterise
Snowden's intentions, argues his lawyer Jesselyn Radack, who is
also national security director for the whistleblower-focused
Government Accountability Project. "I think they probably didn't
spot the bread crumbs," she says of the NSA's investigators. "Even
if they did get them, I think this [1.7 million] number is
manufactured out of whole cloth to give the impression of a
wholesale data dump. In fact, Ed very carefully selected exactly
what he wanted to turn over and why."

When Wired asked an NSA spokesperson to comment on
Snowden's new claims or its internal estimate of the size of his
leak, spokesperson Vanee Vines responded with this statement:
"If Mr. Snowden wants to discuss his activities, that conversation
should be held with the US Department of Justice. He needs to
return to the United States to face the charges against him."

In a followup inquiry through his ACLU lawyer Ben Wizner,
Snowden wouldn't offer any more details on how exactly he left his
network bread crumbs for the NSA or the real total number of
documents he took. In forensic analyses of a typical
computer network, a leaker's behavior could be
found in everything from logs kept by network monitoring tools to
changes in operating system files like Windows' system
registry, which can be analyzed to show what documents a user has
opened.

Despite his early intention to make the NSA aware of the scope
of his data theft, Snowden may have good reason to now keep the
extent of his leaks secret. That knowledge could serve as an
important bargaining chip if Snowden seeks to return to the U.S.
and negotiate a plea deal, an option he's hinted at exploring.

In the meantime, Snowden tells Wired -- perhaps with a certain
amount of schadenfreude -- that the government's overestimation of
the size of his leak has left it to imagine the worst. "I think
they think there's a smoking gun in there that would be the death
of them all politically," Snowden says. "The fact that the
government's investigation failed -- that they don't know what was
taken and that they keep throwing out these ridiculous huge numbers
-- implies to me that somewhere in their damage assessment they
must have seen something that was like, 'Holy shit.' And they think
it's still out there."